[Bug 1483033] [NEW] Please sync expat 2.1.0-7 (main) from Debian unstable (main)

Hans Joachim Desserud 1483033 at bugs.launchpad.net
Sun Aug 9 18:44:02 UTC 2015 

Public bug reported:

Please sync expat  2.1.0-7 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be droppped:

expat (2.1.0-6ubuntu1) utopic; urgency=medium

  * No-change rebuild to get debug symbols on all architectures.
 -- Brian Murray <brian at ubuntu.com>   Tue, 21 Oct 2014 11:56:11 -0700

Unless I'm missing something, this was just a rebuild without any
changes.

Changes in Debian since 2.1.0-6:
expat (2.1.0-7) unstable; urgency=high

  * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
    function (closes: #793484).
  * Update Standards-Version to 3.9.6 .

 -- Laszlo Boszormenyi (GCS) <gcs at debian.org>  Fri, 24 Jul 2015 14:48:45
+0000


Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.

** Affects: expat (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: upgrade-software-version

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1283

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1483033

Title:
  Please sync expat  2.1.0-7 (main) from Debian unstable (main)

Status in expat package in Ubuntu:
  New

Bug description:
  Please sync expat  2.1.0-7 (main) from Debian unstable (main).

  Explanation of the Ubuntu delta and why it can be droppped:

  expat (2.1.0-6ubuntu1) utopic; urgency=medium

    * No-change rebuild to get debug symbols on all architectures.
   -- Brian Murray <brian at ubuntu.com>   Tue, 21 Oct 2014 11:56:11 -0700

  Unless I'm missing something, this was just a rebuild without any
  changes.

  Changes in Debian since 2.1.0-6:
  expat (2.1.0-7) unstable; urgency=high

    * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
      function (closes: #793484).
    * Update Standards-Version to 3.9.6 .

   -- Laszlo Boszormenyi (GCS) <gcs at debian.org>  Fri, 24 Jul 2015
  14:48:45 +0000

  
  Note that this includes fix for a CVE. I don't know what the policy is regarding syncs with the ongoing gcc5 transition, so please let me know if this will need to wait until that has been sorted out.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expat/+bug/1483033/+subscriptions

More information about the Ubuntu-sponsors mailing list